===== S3 Bucket Policy ===== {{tag>AWS}} If account 111111111111 owns S3 bucket "examplebucket" and wants to grant admin users in account 222222222222 list and write access, the following bucket policy can be used. If non-admin users in account 222222222222 also need list or write access, that would additionally have to be granted via a user policy in account 222222222222, since the bucket policy below only delegates access to account 222222222222's root principal. { "Version": "2012-10-17", "Statement": [ { "Sid": "Example permissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::222222222222:root" }, "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "arn:aws:s3:::examplebucket" }, { "Sid": "Example permissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::222222222222:root" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::examplebucket/*" } ] } ---- http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html ---- IAM user policy that allows a user access to a specific bucket (the bucket-level actions such as s3:ListBucket apply to the bucket ARN, the object-level actions to the bucket/* ARN, and s3:ListAllMyBuckets must be granted on "*" because it is not scoped to a single bucket). { "Version": "2012-10-17", "Statement": [ { "Sid": "BucketAndObjects", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObjectAcl", "s3:GetObject", "s3:ObjectOwnerOverrideToBucketOwner", "s3:ListBucket", "s3:DeleteObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::s3bucketname/*", "arn:aws:s3:::s3bucketname" ] }, { "Sid": "Buckets", "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*" } ] }